TY - GEN
T1 - I Know What You Did Last Summer
T2 - 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2020
AU - Ivkin, Nikita
AU - Basat, Ran Ben
AU - Liu, Zaoxing
AU - Einziger, Gil
AU - Friedman, Roy
AU - Braverman, Vladimir
N1 - Publisher Copyright:
© 2019 Owner/Author.
PY - 2020/6/8
Y1 - 2020/6/8
N2 - Modern telemetry systems require advanced analytic capabilities such as drill down queries. These queries can be used to detect the beginning and end of a network anomaly by efficiently refining the search space. We present the first integral solution that (i) enables multiple measurement tasks inside the same data structure, (ii) supports specifying the time frame of interest as part of its queries, and (iii) is sketch-based and thus space efficient. Namely, our approach allows the user to define both the measurement task (e.g., heavy hitters, entropy estimation, cardinality estimation) and the time frame of relevance (e.g., 5PM-6PM) at query time. Our approach provides accuracy guarantees and is the only space-efficient solution that offers such capabilities. Finally, we demonstrate how the algorithm can be used to accurately pinpoint the beginning of a realistic DDoS attack.
AB - Modern telemetry systems require advanced analytic capabilities such as drill down queries. These queries can be used to detect the beginning and end of a network anomaly by efficiently refining the search space. We present the first integral solution that (i) enables multiple measurement tasks inside the same data structure, (ii) supports specifying the time frame of interest as part of its queries, and (iii) is sketch-based and thus space efficient. Namely, our approach allows the user to define both the measurement task (e.g., heavy hitters, entropy estimation, cardinality estimation) and the time frame of relevance (e.g., 5PM-6PM) at query time. Our approach provides accuracy guarantees and is the only space-efficient solution that offers such capabilities. Finally, we demonstrate how the algorithm can be used to accurately pinpoint the beginning of a realistic DDoS attack.
KW - attack time localization
KW - heavy hitters
KW - interval query
KW - l2
KW - sketch
UR - https://www.scopus.com/pages/publications/85086999810
U2 - 10.1145/3393691.3394193
DO - 10.1145/3393691.3394193
M3 - Conference contribution
AN - SCOPUS:85086999810
T3 - SIGMETRICS Performance 2020 - Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems
SP - 61
EP - 62
BT - SIGMETRICS Performance 2020 - Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems
PB - Association for Computing Machinery, Inc
Y2 - 8 June 2020 through 12 June 2020
ER -